Sixtyvividtails

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2008 SP2 **Description** The IsHandleEntrySecure function in win32k.sys does not properly validate the `tagPROCESSINFO pW32Job` field, allowing local users to cause a denial of service via a crafted `NtUserValidateHandleSecure` call for an owned object. This can result in a NULL pointer dereference and system crash. The vendor reportedly disputes the significance of this report, considering it a local denial of service rather than a security vulnerability. **Recommendations** For Microsoft Windows Server 2008 SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.